What does `HTTPContext.SignInAsync` do behind the scenes?

Moh*_*din 20 .net c# asp.net asp.net-core-mvc asp.net-core

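I am interested in building my own login system, which keeps me away from the out-of-the-box Identity, which hides a lot of details.

I am looking at authentication using cookies.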

https://dotnetcoretutorials.com/2017/09/16/cookie-authentication-asp-net-core-2-0/

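Talking about the details of the sign-in process that happens behind the scenes (saving sessions, cookies, writing to the database, etc.), I am interested to know:

What exactly does the HTTPContext.SignInAsync function do to my HTTP request and response? Or in other words, how does this function sign someone in?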

Ogg*_*las 3

Note that the code has been changed; below is for the version active in 2017, when the question was asked.

https://www.nuget.org/packages/Microsoft.AspNetCore.Http.Abstractions/

https://github.com/aspnet/HttpAbstractions

New GitHub link:

https://github.com/dotnet/aspnetcore

This is a start, from here you can follow the code depending on what you want to know.

Default AuthenticationService in Microsoft.AspNetCore.Authentication

public virtual async Task SignInAsync(HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties)
{
    if (principal == null)
    {
        throw new ArgumentNullException(nameof(principal));
    }

    if (scheme == null)
    {
        var defaultScheme = await Schemes.GetDefaultSignInSchemeAsync();
        scheme = defaultScheme?.Name;
        if (scheme == null)
        {
            throw new InvalidOperationException($"No authenticationScheme was specified, and there was no DefaultSignInScheme found.");
        }
    }

    var handler = await Handlers.GetHandlerAsync(context, scheme);
    if (handler == null)
    {
        throw await CreateMissingSignInHandlerException(scheme);
    }

    var signInHandler = handler as IAuthenticationSignInHandler;
    if (signInHandler == null)
    {
        throw await CreateMismatchedSignInHandlerException(scheme, handler);
    }

    await signInHandler.SignInAsync(principal, properties);
}

https://github.com/aspnet/HttpAbstractions/blob/bc7092a32b1943c7f17439e419d3f66cd94ce9bd/src/Microsoft.AspNetCore.Authentication.Core/AuthenticationService.cs#L142

Possible override from Microsoft.AspNetCore.Http.Authentication.Internal DefaultAuthenticationManager

public override async Task SignInAsync(string authenticationScheme, ClaimsPrincipal principal, AuthenticationProperties properties)
{
    if (string.IsNullOrEmpty(authenticationScheme))
    {
        throw new ArgumentException(nameof(authenticationScheme));
    }

    if (principal == null)
    {
        throw new ArgumentNullException(nameof(principal));
    }

#pragma warning disable CS0618 // Type or member is obsolete
    var handler = HttpAuthenticationFeature.Handler;
#pragma warning restore CS0618 // Type or member is obsolete

    var signInContext = new SignInContext(authenticationScheme, principal, properties?.Items);
    if (handler != null)
    {
        await handler.SignInAsync(signInContext);
    }

    if (!signInContext.Accepted)
    {
        throw new InvalidOperationException($"No authentication handler is configured to handle the scheme: {authenticationScheme}");
    }
}

https://github.com/aspnet/HttpAbstractions/blob/bc7092a32b1943c7f17439e419d3f66cd94ce9bd/src/Microsoft.AspNetCore.Http/Authentication/DefaultAuthenticationManager.cs#L133
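
Added example (not part of the original answer and not ASP.NET Core source code): the `AuthenticationService.SignInAsync` shown above only resolves the scheme and its handler, so whatever changes the HTTP response happens in the handler's own `SignInAsync`. The minimal handler below makes that visible by writing a protected cookie itself. The scheme name `demo`, the cookie name `demo-auth`, the `/login` route and `DemoSignInHandler` are hypothetical, protecting only the name claim is a simplification, and a .NET 6+ web project with implicit usings and nullable enabled is assumed.

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.DataProtection;

// Assumption: .NET 6+ web project (implicit usings). "demo", "demo-auth" and DemoSignInHandler are made-up names.
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddAuthentication(o =>
{
    o.DefaultSignInScheme = "demo";                        // used when SignInAsync gets no scheme
    o.AddScheme<DemoSignInHandler>("demo", "Demo scheme"); // maps scheme name -> handler type
});
var app = builder.Build();

app.MapGet("/login", async (HttpContext ctx) =>
{
    var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "alice") }, "demo");
    // No scheme passed: the service falls back to DefaultSignInScheme, then calls the handler below.
    await ctx.SignInAsync(new ClaimsPrincipal(identity));
    return "signed in";
});
app.Run();

public sealed class DemoSignInHandler : IAuthenticationSignInHandler
{
    private readonly IDataProtector _protector;
    private HttpContext _context = default!;

    public DemoSignInHandler(IDataProtectionProvider provider) =>
        _protector = provider.CreateProtector("DemoSignInHandler.v1");

    public Task InitializeAsync(AuthenticationScheme scheme, HttpContext context)
    { _context = context; return Task.CompletedTask; }

    // The only place the response is touched: encrypt and sign the value, then emit Set-Cookie.
    public Task SignInAsync(ClaimsPrincipal user, AuthenticationProperties? properties)
    {
        var value = _protector.Protect(user.Identity?.Name ?? "");
        _context.Response.Cookies.Append("demo-auth", value,
            new CookieOptions { HttpOnly = true, Secure = true, SameSite = SameSiteMode.Lax });
        return Task.CompletedTask;
    }

    public Task SignOutAsync(AuthenticationProperties? properties)
    { _context.Response.Cookies.Delete("demo-auth"); return Task.CompletedTask; }

    public Task<AuthenticateResult> AuthenticateAsync() => Task.FromResult(AuthenticateResult.NoResult());
    public Task ChallengeAsync(AuthenticationProperties? properties) { _context.Response.StatusCode = 401; return Task.CompletedTask; }
    public Task ForbidAsync(AuthenticationProperties? properties) { _context.Response.StatusCode = 403; return Task.CompletedTask; }
}
```

Requesting `/login` returns a `Set-Cookie: demo-auth=...` header; nothing is written to a session store or database unless the handler does so. `AuthenticateAsync` is left as a stub here, so the cookie is issued but never read back.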